How can you connect to cable modem?

JJ Johnson

Well, not really how. More like: how is it possible?

How is it that with my LAN set up with a subnet of 192.168.3/24, I'm able to pull up the web interface of my Arris cable modem at 192.168.100.1, which would seem to be on a separate network?
 
Yep, I've wondered that myself.

I can access my cable modem @192.168.100.1 in a browser even though my LAN subnet is different.

The way I've heard it explained is that the router can't see that subnet on the LAN but that it does look for it over the WAN.
The cable modem responds back to the router and there you go. Must be because it's only the one hop. Dunno.

I'm not sure how the magic works as to how the cable modem knows to give the router a public IP instead of a private IP.
Though on some cable modems (with router functions) you have to do that manually; it doesn't happen automagically.

It probably won't work if your LAN subnet is the same as the cable modem's LAN subnet (192.168.100.0/24 in my case).

ETA: Maybe the LAN side of the cable modem is essentially a /32 mask, one host.


.
 
Your router is recognizing 192.168.100.1 as an address not in any of its "directly connected" networks. It therefore goes out and hits its default gateway on the WAN side which directs you to the Arris management page.

How this exactly works past your home router, I'm not sure. My guess is that 192.168.100.1 is some sort of VIP (virtual IP) that the cable modem recognizes and redirects you to the cable modem's management page using the management IP address it pulls from your provider's network. The redirect is masked so you can't see what your cable modem's management IP is on your provider's network, leaving you with "192.168.100.1" in your browser's address bar. The IP it redirects you to is most likely something in the 10.0.0.0/8 subnet.

On my ISP's network, their internal management network is completely exposed to subscribers. I found one day while trying to navigate to a private IP on my own internal work network that I was hitting a bunch of Arris cable modem pages. Once I realized I forgot to VPN, I was shocked that they would leave everyone's cable modem completely open to all subs to randomly hit. I'm sure some script kiddies out there could have a lot of fun spontaneously rebooting people's cable modems.

edit: another thing to note is that in corporate environments, it's extremely bad practice to pass any of the RFC1918 address block through to your ISP/WAN and is therefore blocked. If you are running a more advanced router such as pfSense, there is an option to block these on your WAN interface which I would think would cut you off from your cable modem's management page entirely since it's in the 192.168.0.0/16 block.
 
>>If you are running a more advanced router such as pfSense, there is an option to block these on your WAN interface which I would think would cut you off from your cable modem's management page entirely since it's in the 192.168.0.0/16 block.

Yep. I've seen that "Block private subnets" in some routers.
That came to my mind too as I was mulling over this issue.

.
 
And similarly: Let's say I get a new network-connected device and it has an HTTP-based management interface and a default network address of something like 192.168.0.1. Typically, I've always had to (or thought I had to) temporarily change the IP address of my PC to be on that subnet to configure the device. Wouldn't that be similar? Why would the PC need to be on the subnet in one case, but not the other?
 
>>And similarly: Let's say I get a new network-connected device and it has an HTTP-based management interface and a default network address of something like 192.168.0.1. Typically, I've always had to (or thought I had to) temporarily change the IP address of my PC to be on that subnet to configure the device. Wouldn't that be similar? Why would the PC need to be on the subnet in one case, but not the other?

Because your home router does not know how to reach the 192.168.0.0/whatever network. It therefore tries to push you on the WAN side where the connection dies since your ISP will not pass traffic from the "private" IP address block. That's why connecting your laptop to the device and putting it in the same subnet is the best option because you establish a direct Layer 2 connection which cuts routing out of the equation.

The only reason why you can hit your cable modem at 192.168.100.1/24 subnet is because the modem is doing some sort of black magic that's redirecting/routing you to an accessible address.

If you plugged a device with an IP of 192.168.0.1 into your home network which is subnetted at 192.168.3.0/24, your laptop would go through this process: (note: this is very loosely summarized - it's a tad bit more complicated than this):

-Laptop says "is 192.168.0.1 in any of my directly connected networks?" NO
-Do I have a route that contains 192.168.0.1? NO
-Route to default gateway
-Default gateway (your home router) says "is 192.168.0.1 in any of my directly connected networks?" NO
-Do I have a route that contains 192.168.0.1? NO
-Route/NAT to ISP default gateway
-ISP drops packet because destination IP is in private address space
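
The hop-by-hop decision listed above, as an added example that is not part of the original posts: a Python sketch that walks a destination address through laptop, home router, cable modem and ISP, and also covers the same-subnet case raised earlier in the thread. The topology, the names `make_path` and `trace`, and the assumption that the modem itself answers on 192.168.100.1 are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def make_path(lan="192.168.3.0/24", extra_laptop_nets=()):
    """Constructed topology: laptop -> home router -> cable modem -> ISP."""
    return {
        "laptop": {"connected": [lan, *extra_laptop_nets], "own": [], "next": "router"},
        "router": {"connected": [lan], "own": [], "next": "modem"},
        # Assumption: the modem itself answers on its management address.
        "modem": {"connected": [], "own": ["192.168.100.1"], "next": "isp"},
        "isp": {"connected": [], "own": [], "next": None, "drop_private": True},
    }

def trace(dst, path, start="laptop"):
    """Walk the per-hop decision from the thread; return (outcome, hops_visited)."""
    ip = ipaddress.ip_address(dst)
    hop, visited = start, []
    while hop is not None:
        node = path[hop]
        visited.append(hop)
        if dst in node["own"]:
            return f"answered by {hop}", visited
        if any(ip in ipaddress.ip_network(n) for n in node["connected"]):
            # Directly connected: resolved on the local link, no routing involved.
            return f"on-link at {hop}", visited
        if node.get("drop_private") and any(ip in n for n in RFC1918):
            return f"dropped by {hop}", visited
        hop = node["next"]  # no match: hand the packet to the default gateway
    return f"forwarded beyond {visited[-1]}", visited

if __name__ == "__main__":
    cases = [
        ("192.168.100.1", make_path()),                       # modem page from the LAN
        ("192.168.0.1", make_path()),                         # new device, wrong subnet
        ("192.168.0.1", make_path(extra_laptop_nets=["192.168.0.0/24"])),  # laptop re-addressed
        ("192.168.100.1", make_path(lan="192.168.100.0/24")), # LAN overlaps the modem's subnet
    ]
    for dst, path in cases:
        print(dst, "->", trace(dst, path))
```

In the last case the laptop treats 192.168.100.1 as on-link and looks for it on the LAN, so the request never travels toward the modem.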
 